Security Best Practices
- Rotate tokens regularly. Use expirations and rotate before they expire.
- Grant only what you need. Prefer minimal scopes.
- Use service accounts for automation. Avoid personal tokens in CI/CD.
- Store tokens in environment variables or a secret manager. Do not hard‑code tokens.
There are two primary types of keys you can manage, Ingestion Keys and IAM Service Keys.
Ingestion Keys
Ingestion keys are used by log collectors like the Mezmo Agent to send log data to Mezmo, and are also used in commands for the Ingest API. You can have up to 10 ingestion keys active at a time.IAM Service Keys
Identity and Access Management (IAM) access keys represents a significant step forward in enhancing the security of your interactions with our services. IAM access tokens offer several key advantages over the Generation 1 service keys, including:- Enhanced Security: IAM access keys provide more granular control over permissions and integrate with advanced security features, reducing the risk of unauthorized access.
- Improved Auditing Capabilities: IAM Access keys offer enhanced auditing over legacy service keys, detailing who, what, when, and where actions occur. This improves security breach identification, suspicious activity investigation, and audit trails for compliance, offering clearer visibility for proactive security and efficient incident response.
- Improved Flexibility: The new access key system allows for more flexible and dynamic management of access rights, enabling you to manage your integrations with greater precision.
- Future-Proofing: This change aligns with industry best practices for secure access management, ensuring that our security infrastructure remains robust and adaptable to evolving threats.
Personal Access Keys (sta)
Personal Access Keys will be generally available End of Q1 2026
- Accessing APIs with user-level permissions
- Automating tasks that require user authentication
- Integrating with third-party tools and services
- Performing operations within the scope of the user’s access
Service Keys (sts)
Service keys are access Key associated with a service account for automation and CI/CD. These tokens are not associated with a normal user with in your organizations and as such, its level of access is only limited by the access it is granted. For this reason it is highly recommended that the ability to create service account and keys be reserved for account administrators. You can have up to 50 service keys active at a time.
Enterprise Access Keys (ste)
Enterprise access accounts and their access keys are associated with an enterprise rather than an individual Mezmo account. These types of access keys are enabled to perform operations and interactions across many accounts in an effort to streamline and optimized account management for large customers who may have many dozens to hundreds of accounts.
Enterprise Service Accounts are only available through our enterprise dashboard.
Access and Generate New Keys
- Log in to the Mezmo Web App.
- Go to Settings > Organization > API Keys.
- To generate additional ingestion keys, click Generate Ingestion Key for up to a total of 10 keys.
- To generate additional service keys, click Generate Service Key for up to a total of 20 keys.
- Remove an ingestion key by clicking the X next to it. Note that any applications actively using this key will no longer be able to send logs to your account

Access to the API Keys through Settings > Organization

